b"December 3, 1999\n\nCLARENCE E. LEWIS, JR.\nCHIEF OPERATING OFFICER\n AND EXECUTIVE VICE PRESIDENT\n\nNORMAN E. LORENTZ\nSENIOR VICE PRESIDENT,\n CHIEF TECHNOLOGY OFFICER\n\nSUBJECT:\t Year 2000 Business Contingency and Continuity Planning:\n          Plan Development and Testing (Report Number TR-AR-00-001)\n\nThis report presents the results of the Office of Inspector General\xe2\x80\x99s second review of the\nUnited States Postal Service\xe2\x80\x99s Year 2000 (Y2K) Business Contingency and Continuity\nPlanning Initiative (Project Number 00PA016TR000). During this review, we noted that\nwhile the Postal Service had made significant progress in documenting plans, a\ncontingency plan had not been developed for one critical system. Also, contingency\nand continuity plans were often not complete, well integrated, or adequately tested. To\nthe extent that corrective actions are not taken to address these issues, the Postal\nService may increase the risk of disruptions to core business processes in the event of\nY2K disruptions. Management agreed with two recommendations, agreed in part with\ntwo more, and disagreed with one recommendation. Management has initiatives in\nprogress, completed, or planned addressing the issues in this report. Management\xe2\x80\x99s\ncomments and our evaluation of these responses are included in the report.\n\nWe appreciate the cooperation and courtesies provided by your staff during the audit. If\nyou have any questions, please contact Debra Ritt, director, Transportation, at (703)\n248-2198 or me at (703) 248-2300.\n\n\n\nRichard F. Chambers\nAssistant Inspector General\n for Performance\n\nAttachment\n\x0ccc:\t Richard D. Weirich\n     Nicholas F. Barranca\n     Jim Golden\n     John R. Gunnels\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n                                 TABLE OF CONTENTS\nPart I\nExecutive Summary\n                                                                          i\n\nPart II\n\nIntroduction\n    Background                                                                             1\n\n    Objective, Scope, and Methodology                                                      2\n\n    Prior Audit Coverage                                                                   3\n\n\nAudit Results\n\n  Plan Inventory                                                                           4\n\n  Recommendation                                                                           4\n\n  Management\xe2\x80\x99s Comments                                                                    5\n\n  Evaluation of Management\xe2\x80\x99s Comments                                                      5\n\n\n   Adequacy of Plans                                                                       6\n\n   Contingency Plans                                                                       6\n\n   Continuity Plans                                                                        8\n\n   Recommendations                                                                         10\n\n   Management\xe2\x80\x99s Comments                                                                   10\n\n   Evaluation of Management\xe2\x80\x99s Comments                                                     10\n\n\n   Testing                                                                                 12\n\n   Recommendation                                                                          13\n\n   Management\xe2\x80\x99s Comments                                                                   13\n\n   Evaluation of Management\xe2\x80\x99s Comments                                                     13\n\n\n   Quality Assurance Process                                                               14\n\n   Recommendation                                                                          15\n\n   Management\xe2\x80\x99s Comments                                                                   15\n\n   Evaluation of Management\xe2\x80\x99s Comments                                                     15\n\n\nAppendices\n  Appendix A.       Results of Contingency Plan Reviews                                    16\n\n  Appendix B.       Prior Inspector General Y2K Reports                                    19\n\n  Appendix C.       Statistical Sampling and Projections for Review of                     21\n\n                    Year 2000 Continuity Plans\n\n   Appendix D.      Contingency and Continuity Plans with Inadequate                       22\n\n                    Testing Justification\n\n   Appendix E.      Management\xe2\x80\x99s Comments                                                  24\n\n\n\n\n\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                                       TR-AR-00-001\n Plan Development and Testing\n\n\n                                       EXECUTIVE SUMMARY\nIntroduction                       This is the Office of Inspector General\xe2\x80\x99s (OIG) second\n                                   report on the status and quality of the United States Postal\n                                   Service\xe2\x80\x99s (Postal Service) business contingency and\n                                   continuity plans,1 and the eleventh in a series of reports2\n                                   regarding the Postal Service Year 2000 (Y2K) initiative.\n                                   This report addresses whether contingency and continuity\n                                   plans: (1) exist for all high-impact areas, (2) are adequate\n                                   for successful implementation, and (3) have been\n                                   sufficiently tested.\n\nResults in Brief                  The Postal Service has made significant progress in\n                                  developing business contingency and continuity plans. To\n                                  date continuity plans have been prepared for 32 high-impact\n                                  disruptions and contingency plans have been prepared for\n                                  173 severe or critical systems and equipment. However, a\n                                  contingency plan has yet to be developed for the Equal\n                                  Employment Opportunity Complaint Tracking System.\n                                  Without a plan, should a disruption occur, the Postal Service\n                                  might not be able to process complaints within legal time\n                                  requirements. Additionally, although the Postal Service has\n                                  continuity plans for high-impact areas, it has not yet\n                                  developed contingency plans for all external suppliers. If\n                                  these plans are not completed, managers may not have\n                                  alternative suppliers to rely on in the event that primary\n                                  suppliers encounter Y2K disruptions.\n\n                                  Furthermore, while the Postal Service had developed plans\n                                  for its high-impact areas, plan quality varied. Specifically,\n                                  contingency plans did not adequately address at least 4 to\n                                  as many as 11 of 12 key elements recommended by Postal\n                                  Service standards. While plan elements vary in importance,\n                                  each element increases Postal Service preparedness to\n                                  handle disruptions. Therefore, to the extent that plans\n                                  exclude some of the elements, the Postal Service may\n                                  encounter delays in recovering from disruptions in critical\n                                  business functions and information processing. Finally, we\n                                  noted that 16 contingency plans did not adequately identify\n                                  other supporting plans. As a result, users may not be able\n                                  to access information needed to fully implement contingency\n                                  plans.\n1\n  Continuity plans address pote ntial failures primarily caused by errors in business partner or public infrastructure\nsystems, while contingency plans address potential failures in systems internal to the Postal Service.\n2\n  See Appendix B for a list of these reports.\n\n                                                       i\n                       This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                              Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                              TR-AR-00-001\n Plan Development and Testing\n\n\n\n                                     Similar to our review of contingency plans, our review of\n                                     continuity plans disclosed incomplete areas. Continuity\n                                     plans generally did not include well-defined operating\n                                     procedures for 17 of 32 disruption scenarios, nor were\n                                     resource requirements fully developed for the 32 scenarios.\n                                     As a result, the Postal Service may not have a well-defined\n                                     response to disruptions and staff may not be fully prepared\n                                     to manage them.\n\n                                     We also found that the Postal Service was identifying roles\n                                     and responsibilities for Y2K business resumption activities\n                                     under an initiative separate from its business contingency\n                                     and continuity planning initiative. Accordingly, Postal\n                                     Service management should ensure that these areas are\n                                     integrated into continuity plans and that plans adequately\n                                     reference activities that support them.\n\n                                     Key to preparing for Y2K, is the testing of contingency and\n                                     continuity plans. Testing is particularly needed to determine\n                                     whether incomplete plans are capable of supporting the\n                                     agency's core business processes and can be implemented\n                                     within a specified period of time. However, the Postal\n                                     Service does not plan to test 124 (60 percent) of its plans, all\n                                     of which were incomplete in some manner. In addition, the\n                                     Postal Service did not adequately justify its reasons for not\n                                     testing at least 44 of the 124 plans. Further, we could not\n                                     determine whether the Postal Service considered testing all\n                                     plan scenarios relating to severe or critical Finance systems.\n\n                                     Since our last report,3 the Postal Service has proposed\n                                     steps to enhance quality assurance over its contingency and\n                                     continuity planning efforts. While these proposed steps are\n                                     commendable, greater oversight and testing of plans is\n                                     needed to ensure they are consistent, properly integrated\n                                     and sufficiently tested across organizational initiatives. In\n                                     addressing the deficiencies we noted, the quality assurance\n                                     process should consider the time remaining before the\n                                     calendar year rollover, possible leap year disruptions, and\n                                     operational disruptions from computer security failures that\n                                     may interrupt mail services.\n\n\n\n3\n    See Appendix B for a listing of reports.\n\n                                                          ii\n                          This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                                 Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\nSummary of                   While it may not be practical to refine all contingency and\nRecommendations              continuity plans by the end of the year, the Postal Service\n                             should concentrate on those of highest impact to its\n                             operations. At a minimum, we recommend that the Postal\n                             Service develop a plan for the Equal Employment\n                             Opportunity Complaint Tracking System and expand testing\n                             to those areas where plans are not fully developed. We also\n                             recommend that management ensure that proposed quality\n                             assurance steps be taken to ensure that plans are\n                             adequately integrated with other supporting plans and\n                             organizational initiatives, and are properly tested. In the\n                             long-term, we believe the Postal Service needs to consider\n                             not only possible leap year disruptions, but also operational\n                             disruptions from computer security failures that may interrupt\n                             mail services. For these reasons, comprehensive plans for\n                             all severe or critical systems and for all high-impact failure\n                             scenarios should be pursued.\n\nSummary of                   Management agreed with our findings and\nManagement\xe2\x80\x99s                 recommendations to develop a plan for the Equal\nComments                     Opportunity Complaint Tracking System and to require that\n                             quality assurance steps be taken to ensure that plans are\n                             adequately integrated and properly tested. In addition,\n                             management agreed with our finding and recommendation\n                             to integrate supporting contingency and continuity plans, but\n                             did not agree to integrate other organizational initiatives.\n                             They stated there was less value in integrating plans with\n                             other initiatives such as deployment, assignment of roles\n                             and responsibilities, and change configuration management\n                             because overall year 2000 program interdependencies are\n                             actively monitored by the senior executive council.\n                             Management also agreed that they needed to update and\n                             improve plans and directed business owners to conduct\n                             additional reviews. Any plans found lacking would be\n                             updated and republished.\n\n                             Management disagreed with our recommendation, as\n                             stated, to expand the testing of contingency and continuity\n                             plans. However, management plans to require, where\n                             appropriate, business owners to either provide adequate\n                             justification for not testing plans or conduct tests.\n\n                             We have summarized management\xe2\x80\x99s comments in the\n                             report and included the full text of their comments in\n                             Appendix E.\n                                                   iii\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n\nOverall Evaluation of        Management\xe2\x80\x99s comments were generally responsive to our\nManagement\xe2\x80\x99s                 findings and recommendations. Planned and on-going\nComments                     actions should further mitigate the risk of potential year 2000\n                             disruptions. While we found management comments\n                             generally responsive, we continue to believe that\n                             organizational integration is critical to ensure adequate\n                             coordination between related initiatives. Because the Postal\n                             Service used a fragmented approach to planning and lacked\n                             an adequate quality assurance process, we are not\n                             confident that the monitoring performed by the senior\n                             executive council is sufficient to ensure interdependencies\n                             are adequately coordinated.\n\n                             Although management disagreed with our recommendation\n                             relating to the testing of plans as stated, we found\n                             management\xe2\x80\x99s action to ask business owners to either\n                             further justify not testing or conduct tests, responsive to our\n                             findings. Such actions further validate management\xe2\x80\x99s efforts\n                             to mitigate year 2000 disruptions.\n\n\n\n\n                                                   iv\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                                           TR-AR-00-001\n Plan Development and Testing\n\n\n                                                INTRODUCTION\nBackground\t                          The Y2K computing problem poses significant risks that, if\n                                     not adequately addressed, could have serious\n                                     consequences for the Postal Service. For example, the\n                                     timely delivery of the nation\xe2\x80\x99s mail could be at risk if Postal\n                                     Service systems and equipment do not function properly.\n                                     Ensuring that mail delivery is not disrupted at the turn of the\n                                     century is no small undertaking in such a large and diverse\n                                     organization as the Postal Service.\n\n                                     In June 1999, the Postal Service headquarters developed a\n                                     continuity plan that addressed 32 external failure scenarios,\n                                     which could occur primarily due to disruptions in business\n                                     partner or public infrastructure systems. This plan was\n                                     subsequently distributed to the field for local adaptation, and\n                                     508 local plans were generated from the master plan. The\n                                     scenarios within this plan comprise disruptions to:\n\n                                     \xef\xbf\xbd    Public infrastructure (e.g., banking, telecommunications,\n                                          and electrical power);\n                                     \xef\xbf\xbd    Postal Service supply chain (e.g., air transportation, and\n                                          surface transportation);\n                                     \xef\xbf\xbd    Critical inventory (e.g., mail transport equipment,\n                                          stamps, and supplies);\n                                     \xef\xbf\xbd    Mailing patterns resulting from changes in mailer\n                                          behavior; and\n                                     \xef\xbf\xbd    Services provided by high-impact, critical business\n                                          partners.\n\n                                     In addition, as of September 1999, the Postal Service\n                                     reported that it had developed contingency plans to mitigate\n                                     potential Y2K disruptions for 220 internal systems, including\n                                     137 classified as severe4 or critical5 information systems and\n                                     another 38 pertaining to mail processing systems. These\n                                     plans were developed by each of the five core business\n                                     areas--Processing and Distribution, Finance, Marketing,\n                                     Mail Operations, and Enabling.\n\n                                     There are several offices within the Postal Service\n                                     responsible for completing Y2K program initiatives. The\n                                     chief operating officer and executive vice president serves\n4\n    Severe systems are those that are crucial to core business activities.\n\n5\n    Critical systems are those which, in the event of failure, will have significant impact on Postal Service\xe2\x80\x99s operations.\n\n\n                                                          1\n                          This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                                 Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                            TR-AR-00-001\n Plan Development and Testing\n\n\n                              as the lead executive for business continuity planning. The\n                              senior vice president, chief technology officer is responsible\n                              for contingency plans relating to internal system failures.6\n\nObjective, Scope, and         The overall objective of our continuing audit coverage is to\nMethodology                   report on the status and quality of Y2K business\n                              contingency and continuity plans. This report addresses the\n                              last two phases of business contingency and continuity\n                              planning recommended by GAO7\xe2\x80\x94plan development and\n                              testing. Our specific objectives were to determine whether\n                              contingency and continuity plans (1) exist for all high-impact\n                              areas, (2) are adequate for successful implementation, and\n                              (3) have been sufficiently tested.\n\n                              To determine whether contingency and continuity plans\n                              exist for all high-impact areas, we reconciled Postal Service\n                              plans to progress reports and to its inventory of severe or\n                              critical systems as of September 30, 1999.\n\n                              In assessing the completeness of contingency plans for\n                              information and mail processing systems, we compared\n                              them to standards developed by the Postal Service. Postal\n                              Service standards highlighted 12 elements of a successful\n                              plan. A consultant engaged in auditing Y2K business\n                              contingency and continuity plans also validated our\n                              evaluation criteria. To the extent that contingency plans\n                              supported continuity plans or other contingency plans, we\n                              considered the adequacy of both plans in our assessments.\n\n                              To evaluate the adequacy of Postal Service plans, we\n                              assessed the completeness of plans and level of integration\n                              between contingency and continuity plans. In assessing\n                              plan completeness, we compared the master continuity plan\n                              to standards issued by the Mitre Corporation, Information\n                              Systems Audit and Control Association, and the Federal\n                              Financial Institutions Examination Council. In addition, to\n                              determine the level of customization of the master plan that\n                              was performed by 508 field units for the 32 failure\n                              scenarios, we reviewed a statistically selected sample of\n                              115 field continuity plans.\n\n\n                              To assess the sufficiency of plan testing, we reviewed\n6\n                              planned tests as well as the first round of testing results. In\nA system comprises several components or subsystems.\n\n7\nYear 2000 Computing Crisis: Business Continuity and Contingency Planning (GAO/AIMD-10.1.19, August 1998).\n\n\n                                                    2\n                    This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                           Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                              TR-AR-00-001\n Plan Development and Testing\n\n\n                                     planned tests as well as the first round of testing results. In\n                                     addition, where available, we analyzed test decisions to\n                                     determine whether the Postal Service adequately supported\n                                     decisions not to test.\n\n                                     Our audit work was accomplished during the period August\n                                     1999 to November 1999 in accordance with generally\n                                     accepted government auditing standards and included tests\n                                     of internal controls as were considered necessary under the\n                                     circumstances.\n\nPrior Audit Coverage                 During our continuing coverage of the Postal Service Y2K\n                                     initiative, we issued ten reports8 covering remediation,\n                                     validation, reporting quality, budgeting, contracting, and\n                                     business continuity planning. In our previous audit of\n                                     business contingency and continuity planning, we noted\n                                     several areas where management needed to strengthen its\n                                     strategy and business impact analysis. We recommended\n                                     that the chief operating officer and executive vice president\n                                     (1) specify the extent of testing for contingency plans and\n                                     monitor remaining milestones, (2) ensure sufficient funding\n                                     for plan execution, (3) establish a more comprehensive\n                                     quality assurance process, (4) revise supplier assessments\n                                     and make adjustments to plans accordingly, and (5)\n                                     communicate service commitment expectations to the field.\n                                     Management agreed with our findings and\n                                     recommendations. Their planned or completed actions\n                                     were responsive to our recommendations.\n\n\n\n\n8\n    See Appendix B for a listing of reports.\n\n                                                          3\n                          This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                                 Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                                   TR-AR-00-001\n Plan Development and Testing\n\n\n                                           AUDIT RESULTS\n    Plan Inventory                 The Postal Service has made significant progress in\n                                   developing contingency and continuity plans. Continuity\n                                   plans have been developed for 32 high-impact disruptions\n                                   and contingency plans have been prepared for 1739 severe\n                                   or critical information systems and equipment. However, a\n                                   contingency plan has not yet been developed for one\n                                   critical system--the Equal Employment Opportunity\n                                   Complaint Tracking System,10 within the Enabling business\n                                   area. This system is used to track complaints filed and the\n                                   timeliness of complaint investigation and processing.\n                                   Without a plan for this system, the Postal Service may not\n                                   be able to process complaints within legal time\n                                   requirements should Y2K disruptions occur.\n\n                                   Although the Postal Service has continuity plans for high\xc2\xad\n                                   impact areas, including business partner and public\n                                   infrastructure systems, plans have not been developed in\n                                   the event that critical external suppliers are not Y2K\n                                   compliant. The Postal Service stated that it was developing\n                                   supplier contingency plans; however, because there is less\n                                   than two months remaining before the end of the year, we\n                                   are concerned they may not have sufficient time to\n                                   complete these plans. As a result, if suppliers cannot\n                                   perform, managers may not have alternative suppliers to\n                                   turn to on short notice. This issue and related\n                                   recommendations are discussed in greater detail in our\n                                   November 1999 report.11\n\n    Recommendation\t                We recommend that the chief operating officer and\n                                   executive vice president, in conjunction with the senior vice\n                                   president, chief technology officer :\n\n                                   1. Ensure that a plan is developed for the Equal\n                                      Employment Opportunity Complaint Tracking System.\n\n\n\n\n9\n  Contingency plans relating to two of the severe or critical information and mail processing systems (the Equal\nEmployment Opportunity Complaint Tracking System and the Address Management System - Personal Computer)\nwere not reviewed\n10\n   Index number 1012.00 in Postal Service\xe2\x80\x99s inventory.\n11\n   Year 2000 Initiative: Suppliers, Mail Processing Equipment, Facilities, and Embedded Chips (Report No. IS-AR-00-\n001).\n\n                                                      4\n                      This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                             Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n\n Management\xe2\x80\x99s \t                Management agreed with our finding and recommendation\n Comments\t                     to develop a plan for the Equal Opportunity Complaint\n                               Tracking System. They stated that although the original\n                               plan could not be located, a new plan has been developed\n                               for this system.\n Evaluation of                 Management\xe2\x80\x99s comments are responsive to our finding and\n Management\xe2\x80\x99s                  recommendation. The development of a contingency plan\n Comments                      for the Equal Opportunity Complaint Tracking System\n                               completes the Postal Service requirement to have plans for\n                               all severe or critical systems.\n\n\n\n\n                                                   5\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                                  TR-AR-00-001\n Plan Development and Testing\n\n\n\nAdequacy of Plans\t               Because of the risk of Y2K failures, comprehensive\n                                 business contingency and continuity plans are essential to\n                                 continuing core operations. Without well-defined plans, the\n                                 Postal Service may not be able to respond appropriately or\n                                 have sufficient time to develop alternatives if unpredicted\n                                 failures occur.\n\nContingency Plans\t               Contingency plans for 173 severe or critical information and\n                                 mail processing systems we reviewed did not adequately\n                                 address at least 4 to as many as 11 of the 12 elements\n                                 recommended by Postal Service standards. According to\n                                 these standards,12 plans should address the following 12\n                                 key elements:\n\n                                 \xe2\x80\xa2\t Objective or scenario,\n                                 \xe2\x80\xa2\t Criteria/trigger for invoking the plan,\n                                 \xe2\x80\xa2\t Expected life of the plan,\n                                 \xe2\x80\xa2\t Procedures for operating in contingency mode,\n                                 \xe2\x80\xa2\t Roles assigned to actions,\n                                 \xe2\x80\xa2\t Responsibilities assigned to individuals,\n                                 \xe2\x80\xa2\t Authority to execute plans,\n                                 \xe2\x80\xa2\t Personnel required to execute plans,\n                                 \xe2\x80\xa2\t Scheduling of labor,\n                                 \xe2\x80\xa2\t Tools --e.g., materials, supplies, facilities,\n                                    communications equipment,\n                                 \xe2\x80\xa2\t Funding requirements, and\n                                 \xe2\x80\xa2\t Criteria and procedures for returning to normal\n                                    operations (normalization procedures).\n\n                                 According to Postal Service officials, these standards vary\n                                 in importance and the absence of any one element may not\n                                 render the plan ineffective. However, industry standards\n                                 acknowledge that the 12 elements are all important for\n                                 successful plan implementation. The absence of one or\n                                 more of these elements increases the risk that the plan may\n                                 not work as intended. The quality of plans varied by the\n                                 five business areas. Plans in the Processing and\n                                 Distribution Systems area were most complete, while those\n                                 in the Enabling area were least complete.\n\n\n\n12\n   USPS standards are consistent with industry standards such as the Mitre Corporation, Information Systems Audit\nand Control Association, and the Federal Financial Institutions Examination Council.\n\n                                                      6\n                      This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                             Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                                   TR-AR-00-001\n Plan Development and Testing\n\n\n                                  The 38 plans addressing processing and distribution\n                                  systems were generally missing parts of four key elements\n                                  (objectives, assigning responsibility to individuals,\n                                  scheduling, and tools) needed for successful plan\n                                  implementation. For example, individuals responsible for\n                                  implementing the plan were not identified. This element is\n                                  needed to ensure that accountability for all plan steps has\n                                  been assigned. Further, under the areas of scheduling and\n                                  tools, current software versions are to be installed and\n                                  hardware configurations checked before the contingency\n                                  plan can be implemented. However, none of the\n                                  contingency plans showed whether or when these steps\n                                  had to be done. As stated in our November 1999 Y2K\n                                  report,13 while the Postal Service has an adequate process\n                                  in place to ensure critical mail processing equipment\n                                  functions properly, it also needs to closely monitor\n                                  deployment of Y2K remediated software to ensure the\n                                  correct versions are being installed prior to Y2K.\n\n                                  Following processing systems, 43 Finance and 28\n                                  Marketing plans generally did not adequately address\n                                  seven elements from the standards. For Finance plans,\n                                  four of the seven elements related to general resource\n                                  requirements: personnel, scheduling, tools, and funding.\n                                  The remaining three elements included assigning individual\n                                  responsibilities, associating roles with actions, and\n                                  including procedures for returning to normal operations.\n                                  We noted that while these elements often were not\n                                  addressed in contingency plans, they were at times stated\n                                  in separate communications plans. Similarly, Marketing\n                                  plans did not adequately address roles, responsibilities, and\n                                  resource requirements. In addition, Marketing plans did not\n                                  adequately address the life of plans.\n\n                                  Furthermore, 31 Mail Operations plans generally did not\n                                  adequately address nine elements including triggers, plan\n                                  life, roles, responsibilities, personnel requirements,\n                                  scheduling, tools, funding, and well-defined objectives.\n\n                                  Finally, 33 plans in the Enabling business area generally\n                                  did not adequately address 11 key elements. The only key\n                                  element that was complete was contact information for\n                                  personnel with authority to invoke the plans.\n13\n   Year 2000 Initiative: Suppliers, Mail Processing Equipment, Facilities, and Embedded Chips (Report No. IS-AR-00-\n001).\n\n                                                      7\n                      This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                             Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                              TR-AR-00-001\n Plan Development and Testing\n\n\n\n                                      Contingency plans were incomplete because they were\n                                      developed by several different business areas that were\n                                      given maximum latitude to design plans as they saw fit.\n                                      While this approach ensured plans were developed by\n                                      those most knowledgeable of the severe or critical systems,\n                                      it resulted in inconsistent plan development. In addition, a\n                                      centralized quality assurance process was not in place to\n                                      ensure that plans were revised in accordance with Postal\n                                      Service standards. Without comprehensive contingency\n                                      plans, the Postal Service may encounter delays in\n                                      recovering critical business functions and information\n                                      processing.\n\n                                      We also noted that 16 contingency plans cited\n                                      dependencies on other plans, but did not adequately refer\n                                      to those plans. For example, the contingency plan for the\n                                      Intra-Alaska Dispatch System referred to a group of\n                                      Process Accounts Payable plans, but did not reference a\n                                      specific plan under this grouping. In another example, key\n                                      elements for the Finance area were spread between\n                                      contingency plans and communications plans. Providing\n                                      minimal reference information and dividing key elements\n                                      among separate plans makes it more difficult for users to\n                                      readily access information needed for operating in a\n                                      contingency mode.\n\n                                      Detailed results of our review of each business area are\n                                      provided in Appendix A.\n\nContinuity Plans\t                     Continuity plans were incomplete for the 32 high-impact\n                                      disruption scenarios. Specifically, plans did not include\n                                      well-defined operating procedures for 17 of the 32\n                                      scenarios, nor were resource requirements fully developed\n                                      for the 32 scenarios. Although headquarters expected\n                                      procedures and resource requirements to be further defined\n                                      by field units, we estimated that at least 91 percent of 508\n                                      field plans 14 were not modified beyond providing additional\n                                      contact information. As a result, the Postal Service may not\n                                      have a well-defined response and staff may not be fully\n                                      prepared to manage disruptions. Prolonged business\n                                      disruptions could jeopardize the Postal Service's image as\n                                      a reliable provider of mail services.\n\n14\n     See Appendix C for the basis of our statistical analysis.\n\n                                                          8\n                          This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                                 Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n                              In 6 of 17 scenarios, we also noted that procedures would\n                              not be developed until the time of disruption or were to be\n                              addressed under a separate initiative. For example, in the\n                              event of a Customs failure impacting the flow of\n                              international mail, the Postal Service\xe2\x80\x99s plan is to work with\n                              Customs to determine the best plan for either holding the\n                              mail or manually processing selected items. In another\n                              example, procedures for restoring data communications\n                              were being developed under a separate information\n                              technology initiative. While this may be true, the Postal\n                              Service was unable to demonstrate that these procedures\n                              had been developed or reconciled to business continuity\n                              scenarios to ensure organizational readiness in these\n                              areas. We believe the absence of procedures may\n                              contribute to unnecessary delays in moving the mail.\n\n                              In addition, other factors critical to successful plan\n                              implementation were being addressed under separate\n                              organizational initiatives and were not integrated into\n                              continuity plans. For example, Postal Service\n                              representatives stated that assigning roles and\n                              responsibilities for business resumption activities is being\n                              addressed under the recovery management initiative.\n                              While this may be true, recovery management is not\n                              responsible for assigning roles and responsibilities. Field\n                              units are ultimately responsible for this activity, but currently\n                              there is no process in place to ensure this occurs. As a\n                              result, a single continuity plan, by itself, does not contain all\n                              of the elements needed for successful implementation,\n                              which creates challenges for the field if plans are to be\n                              implemented.\n\n                              In addition, plans did not refer to supporting activities or to\n                              other plans that support them. For example, in 11 of 32\n                              scenarios, continuity plan procedures included executing\n                              contingency plans; however, they did not refer to specific\n                              contingency plans.\n\n                              With little time remaining before the calendar year rollover,\n                              the Postal Service will need to determine how best to\n                              address plan deficiencies. While it may not be practical to\n                              complete development of all contingency and continuity\n                              plans by the end of the year, the Postal Service will need to\n                              concentrate on those highest impact plans. However, in\n                              the long-term, the Postal Service needs to consider not only\n\n                                                   9\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n                              possible leap year disruptions, but also operational\n                              disruptions from computer security failures that disrupt mail\n                              services. For these reasons, comprehensive plans for all\n                              severe or critical systems and for all high-impact failure\n                              scenarios should be pursued.\n\nRecommendations \t             We recommend that the chief operating officer and\n                              executive vice president, in conjunction with the senior vice\n                              president, chief technology officer:\n\n                              2. Integrate supporting contingency and continuity plans\n                                 and other organizational initiatives.\n\nManagement\xe2\x80\x99s                  Management agreed with our finding and recommendation\nComments                      (number 2) to integrate supporting contingency and\n                              continuity plans but did not agree to integrate other\n                              organizational initiatives. They stated there was less value\n                              in integrating plans with other initiatives such as\n                              deployment, assignment of roles and responsibilities, and\n                              change configuration management because overall\n                              year 2000 program interdependencies are actively\n                              monitored by the senior executive council. Moreover,\n                              management implied that the Office of Management and\n                              Budget has endorsed their decision not to include individual\n                              roles and responsibilities in business contingency and\n                              continuity plans.\n\nEvaluation of                 Management\xe2\x80\x99s comments were not fully responsive to our\nManagement\xe2\x80\x99s                  findings and recommendation regarding plan integration.\nComments                      While management agreed to better integrate contingency\n                              and continuity plans, they did not agree to integrate plans\n                              with other organizational initiatives. We continue to believe\n                              that this type of integration is critical to ensure adequate\n                              coordination between related initiatives. Because the\n                              Postal Service used a fragmented approach to planning\n                              and lacked an adequate quality assurance process, we are\n                              not confident that the monitoring performed by the senior\n                              executive council is sufficient to ensure interdependencies\n                              are adequately coordinated. In addition, we believe\n                              management has taken the Office of Management and\n                              Budget\xe2\x80\x99s statement regarding the assignment of roles and\n                              responsibilities out of context. The Office of Management\n                              and Budget\xe2\x80\x99s statement related to the Postal Service\xe2\x80\x99s Day\n                              One Strategy Guide, and not its continuity or contingency\n                              plans. Contrary to management\xe2\x80\x99s assertion, industry\n\n                                                   10\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n                              guidance suggests that plans should describe the\n                              assignment of roles and responsibilities of key individuals.\n                              This is needed to ensure that these individuals are familiar\n                              with their roles and responsibilities for executing plan steps.\n\n                              In the long-term we recommend that the chief operating\n                              officer and executive vice president, in conjunction with the\n                              senior vice president, chief technology officer direct\n                              business areas to:\n\n                              3. Further complete business contingency and continuity\n                                 plans, beginning with those areas of greatest risk.\n\nManagement\xe2\x80\x99s                  Management agreed with recommendation 3 that they\nComments                      needed to update and improve plans but stated that they\n                              considered all elements and only included those they\n                              believed was appropriate. Nevertheless, in light of our\n                              findings, management is directing business owners to\n                              conduct additional reviews of plans and update and\n                              republish any plans found lacking.\nEvaluation of                 Management\xe2\x80\x99s actions to conduct additional reviews of\nManagement\xe2\x80\x99s                  plans and update where necessary are responsive to our\nComments                      findings and recommendation. Additional reviews focusing\n                              on the completeness of plans should further strengthen\n                              management\xe2\x80\x99s efforts to mitigate year 2000 disruptions.\n\n\n\n\n                                                   11\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                                     TR-AR-00-001\n Plan Development and Testing\n\n\n\nTesting\t                          Key to preparing for Y2K is the testing of contingency and\n                                  continuity plans. Testing is needed to determine whether\n                                  plans are capable of providing the level of support to the\n                                  agency's core business processes and can be implemented\n                                  within a specified period of time. Integration testing across\n                                  multiple departments, including external business entities as\n                                  appropriate, must also be conducted where needed. Thus,\n                                  testing should uncover operational elements requiring\n                                  adjustments to assure successful plan execution and assure\n                                  that individuals understand the procedures and their roles.\n\n                                  We found that the Postal Service does not plan to test 124\n                                  (60 percent),15 of its business continuity and severe or\n                                  critical contingency plans, although testing is encouraged by\n                                  GAO and industry standards and, as discussed previously,\n                                  plans are generally incomplete. According to the Postal\n                                  Service, the 124 plans comprise standard operating\n                                  procedure or are so simple they do not require rehearsal.\n                                  Specifically, 49 plans address standard operating\n                                  procedures and 75 plans were considered to be simple to\n                                  execute. We believe the importance of testing cannot be\n                                  overemphasized because in 19 cases where the Postal\n                                  Service conducted pre-tests, plans delivered unanticipated\n                                  results and required adjustments. Specifically, Y2K\n                                  representatives for the Forwarding Control System re-wrote\n                                  the related contingency plan after initial attempts to test the\n                                  plan showed that it was not executable. In addition, 18\n                                  contingency plans in the Mail Operations business area\n                                  underwent significant revisions after a review of the\n                                  soundness of the proposed contingency strategy revealed\n                                  significant weaknesses.\n\n                                  The Postal Service prepared justifications for not testing the\n                                  124 plans and while we agree that all plans do not require\n                                  comprehensive testing, we believe that the Postal Service\n                                  did not sufficiently justify its decision for at least 44 of the\n                                  124 plans. For example, the Postal Service decided not to\n                                  test several plans in the Marketing area because the\n                                  probability of disruption was low and confidence in the plan\n                                  was high. These high confidence levels may not be justified\n\n\n\n15\n   Sixty percent (124 of 205) plans will not be tested. The 205 include 32 failure scenario plans, 135 information\nsystem plans, and 38 mail processing equipment plans.\n\n                                                      12\n                      This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                             Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n                             Considering the extreme uncertainty of potential Y2K\n                             problems. A listing of the 44 plans lacking adequate\n                             justification is provided in Appendix D.\n\n                             Further, we were also unable to determine whether the\n                             Postal Service plans to test all severe or critical scenarios\n                             within the Finance business area. The Postal Service test\n                             decisions did not specify which scenarios within each plan\n                             were considered.\n\n                             Due to deficiencies existing in contingency and continuity\n                             plans and current time constraints, additional testing of\n                             plans would provide more assurance that the Postal Service\n                             can effectively manage disruptions. In particular, plan walk\xc2\xad\n                             throughs, at a minimum, would ensure that applicable\n                             personnel, at all levels of the organization, understand plan\n                             procedures, their roles, and responsibilities.\n\nRecommendation               Although little time remains before the calendar year\n                             rollover, we recommend that the chief operating officer and\n                             executive vice president, conjunction with the senior vice\n                             president, chief technology officer:\n\n                             4. Expand testing of contingency and continuity plans to\n                                the maximum extent possible. At a minimum, conduct\n                                walk-throughs for those plans that are incomplete.\n\nManagement\xe2\x80\x99s                 Management disagreed with our recommendation to expand\nComments                     the testing of contingency and continuity plans. It stated\n                             that the level of testing performed to date coupled with the\n                             dress rehearsal conducted in late November 1999 is more\n                             than adequate to ensure that the Postal Service is ready to\n                             effectively implement contingency and continuity plans.\n                             Rather management plans to require, where appropriate,\n                             business owners to either provide adequate justification for\n                             not testing plans or conduct tests.\n\nEvaluation of                Although management disagreed with our recommendation,\nManagement\xe2\x80\x99s                 as stated, we found management\xe2\x80\x99s action to ask business\nComments                     owners to either further justify not testing or conduct tests,\n                             responsive to our findings. Such actions further validate\n                             management\xe2\x80\x99s efforts to mitigate year 2000 disruptions.\n\n\n\n\n                                                   13\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                              TR-AR-00-001\n Plan Development and Testing\n\n\nQuality Assurance                    In our previous report on business continuity planning,16 we\nProcess                              recommended that the Postal Service enhance its quality\n                                     assurance process to provide needed oversight of business\n                                     contingency and continuity planning efforts. In response to\n                                     our findings, the Postal Service stated that integration of\n                                     business contingency and continuity plans is being\n                                     undertaken to ensure that all cross-references between the\n                                     plans are clear and easy to follow. Further, a dress\n                                     rehearsal, scheduled for late November, has been added to\n                                     the project plan to test the readiness of the field, as well as\n                                     their understanding of how and when to use business\n                                     contingency and continuity plans. Finally, the chief\n                                     operating officer and executive vice president has mandated\n                                     that individuals, throughout the organization, be assigned\n                                     accountability for the roles and responsibilities and the\n                                     implementation of plans, should the need arise. Thus,\n                                     accountability will be monitored through a certification\n                                     process.\n\n                                     While we believe these proposed actions should further\n                                     strengthen business contingency and continuity plans,\n                                     adequate oversight is needed to ensure that gaps in\n                                     planning are addressed and that plans are properly\n                                     integrated and sufficiently tested across multiple\n                                     organizational initiatives. Further, relying on business\n                                     managers alone to certify that plans are complete or that\n                                     roles and responsibilities have been assigned will not\n                                     provide adequate assurance that these steps have been\n                                     taken. For instance, business areas certified that continuity\n                                     plans were sufficient for local implementation; however, little\n                                     or no changes were made to adapt the continuity plans.\n                                     According to the manager for business continuity planning,\n                                     the field did not sufficiently develop procedures for at least\n                                     two scenarios (facility closures and inability of employees to\n                                     get to work), although managers had given their assurances\n                                     that plans were complete.\n\n                                     In addressing any quality assurance process deficiencies,\n                                     the Postal Service should consider the time remaining\n                                     before the calendar year rollover, possible leap year\n                                     disruptions, and operational disruptions from computer\n                                     security failures that interrupt mail services.\n\n\n16\n     See Appendix B for a listing of reports.\n\n                                                          14\n                          This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                                 Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\nRecommendation\t              We recommend that the chief operating officer and\n                             executive vice president:\n\n                             5. Require that the proposed quality assurance steps be\n                                taken to ensure that plans are adequately integrated with\n                                other supporting plans and organizational initiatives, and\n                                are properly tested.\n\nManagement\xe2\x80\x99s                 Management agreed with our finding and recommendation\nComments                     to require quality assurance steps be taken to ensure that\n                             plans are adequately integrated and properly tested. They\n                             stated that plans would be reviewed, tests concluded, dress\n                             rehearsals conducted, and plans updated and republished,\n                             where required.\n\nEvaluation of                Management\xe2\x80\x99s comments are responsive to our finding and\nManagement\xe2\x80\x99s                 recommendation. A continual quality assurance process\nComments                     increases confidence that plans will work as intended.\n\n\n\n\n                                                   15\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                                    TR-AR-00-001\n Plan Development and Testing\n\n\n                             APPENDIX A\n                RESULTS OF CONTINGENCY PLAN REVIEWS\n\n                          The following tables summarize by business area the number and\n                          percentage of contingency plans lacking key elements\n                          recommended for successful implementation.\n\n Processing and\n                                                                                  Severe and Critical Systems\n Distribution                                                                             ( 38 Plans)\n Contingency Plans                 Elements of a Successful Plan            Number Plans with    % Plans Key with\n                                                                             Incomplete Key      Incomplete Key\n                                                                                Elements            Elements\n                            1   Objectives (Scenario)                              38                 100%\n                            2   Trigger event                                       0                   0%\n                            3   Life of plan                                        0                   0%\n                            4   Procedures (actions)                                0                   0%\n                            5   Roles assigned to actions                           0                   0%\n                            6   Responsibilities assigned to individuals           28                  74%\n                            7   Contact information provided for                    0                   0%\n                                personnel with authority to execute plans\n                            8   Personnel requirements                              4                  11%\n                            9   Scheduling requirements                            38                  100%\n                           10 Tools requirements                                   36                  95%\n                           11 Funding requirements                                  5                  13%\n                           12 Procedures and criteria for normalizing               0                   0%\n                              operations\n\n\n Finance\n Contingency Plans                                                                Severe and Critical Systems\n                                                                                          ( 43 Plans)\n                                   Elements of a Successful Plan            Number Plans with    % Plans Key with\n                                                                             Incomplete Key      Incomplete Key\n                                                                                Elements            Elements\n                            1   Objectives (Scenario)                               0                  0%\n                            2   Trigger event                                       0                   0%\n                            3   Life of plan                                        6                  14%\n                            4   Procedures (actions)                                0                   0%\n                            5   Roles assigned to actions                          17                  40%\n                            6   Responsibilities assigned to individuals           34                  79%\n                            7   Contact information provided for                    0                   0%\n                                personnel with authority to execute plans\n                            8   Personnel requirements                             29                  67%\n                            9   Scheduling requirements                            29                  67%\n                           10 Tools requirements                                   32                  74%\n                           11 Funding requirements                                  7                  16%\n                           12 Procedures and criteria for normalizing              25                  58%\n                              operations\n\n\n\n\n                                                   16\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                                 TR-AR-00-001\n Plan Development and Testing\n\n\n\n Marketing\n                                                                               Severe and Critical Systems\n Contingency Plans                                                                     ( 28 Plans)\n                                  Elements of a Successful Plan\n                                                                        Number Plans with        % Plans Key with\n                                                                     Incomplete Key Elements Incomplete Key Elements\n                              1   Objectives (Scenario)                        1                       4%\n                              2   Trigger event                                4                       14%\n                              3   Life of plan                                 5                       18%\n                              4   Procedures (actions)                         0                       0%\n                              5   Roles assigned to actions                    6                       21%\n                              6   Responsibilities assigned to                 14                      50%\n                                  individuals\n\n                              7   Contact information provided for             0                       0%\n                                  personnel with authority to\n                                  execute plans\n\n                              8   Personnel requirements                       10                      36%\n                              9   Scheduling requirements                      23                      82%\n                              10 Tools requirements                            9                       32%\n                              11 Funding requirements                          9                       32%\n                              12 Procedures and criteria for                   2                       7%\n                                 normalizing operations\n\n\n\n Mail Operations                                                               Severe and Critical Systems\n Contingency Plans                                                                     ( 31 Plans)\n                                  Elements of a Successful Plan\n                                                                        Number Plans with        % Plans Key with\n                                                                     Incomplete Key Elements Incomplete Key Elements\n                              1   Objectives (Scenario)                        13                      42%\n                              2   Trigger event                                8                       26%\n                              3   Life of plan                                 16                      52%\n                              4   Procedures (actions)                         4                       13%\n                              5   Roles assigned to actions                    17                      55%\n                              6   Responsibilities assigned to                 30                      97%\n                                  individuals\n\n                              7   Contact information provided for             0                       0%\n                                  personnel with authority to\n                                  execute plans\n\n                              8   Personnel requirements                       25                      81%\n                              9   Scheduling requirements                      31                     100%\n                              10 Tools requirements                            20                      65%\n                              11 Funding requirements                          23                      74%\n                              12 Procedures and criteria for                   4                       13%\n                                 normalizing operations\n\n\n\n\n                                                   17\n\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                                 TR-AR-00-001\n Plan Development and Testing\n\n\n\n Enabling                                                                     Severe and Critical Systems\n Contingency Plans                                                                    (33 Plans)\n                                 Elements of a Successful Plan\n                                                                       Number Plans with        % Plans Key with\n                                                                    Incomplete Key Elements Incomplete Key Elements\n                             1   Objectives (Scenario)                        6                       18%\n                             2   Trigger event                                5                       15%\n                             3   Life of plan                                 8                       24%\n                             4   Procedures (actions)                         11                      33%\n                             5   Roles assigned to actions                    21                      64%\n                             6   Responsibilities assigned to                 33                     100%\n                                 individuals\n\n                             7   Contact information provided for             0                       0%\n                                 personnel with authority to\n                                 execute plans\n\n                             8   Personnel requirements                       20                      61%\n                             9   Scheduling requirements                      28                      85%\n                            10 Tools requirements                             21                      64%\n                            11 Funding requirements                           21                      64%\n                            12 Procedures and criteria for                    10                      30%\n                               normalizing operations\n\n\n\n\n                                                   18\n\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n                             APPENDIX B\n                PRIOR INSPECTOR GENERAL Y2K REPORTS\n\nIn November 1999, we issued a report entitled Year 2000 Initiative: Suppliers, Mail\nProcessing Equipment, Facilities, and Embedded Chips (Report No. IS-AR-00-001\ndated November 30, 1999), which noted that the Postal Service needs to place more\nemphasis on the issue of alternative suppliers. Specifically, we recommended that the\nPostal Service needs to develop supplier contingency plans and establish a\nno-later-than date when it will look to these alternative suppliers to take over for its at\xc2\xad\nrisk critical suppliers, i.e., suppliers who may not be Y2K ready or who have already\nreported their inability to become Y2K ready.\n\nIn September 1999, we issued a report entitled Business Contingency and Continuity\nPlanning: Initiation and Business Impacts, (Report No. TR-AR-99-002 dated September\n29, 1999), that noted several areas in which management had taken positive steps to\nmitigate Y2K disruptions. In addition, our audit identified several areas in which\nmanagement needs to strengthen its strategy and business impact analysis.\n\nIn September 1999, we issued a report entitled Year 2000 Initiative: Review of\nAdministration: Status Report on Postal Service Year 2000 Readiness, (Report No. IS-\nAR-99-002 September 20, 1999), that provided the May 1999 status of postal initiatives\nrelating to information systems, exchanges, contingency plans, mail processing\nequipment, suppliers, facility sites, continuity plans, and testing.\n\nIn July 1999, we issued Year 2000 Initiative: Review of Administration, (Report No. FR-\nMA-99-002 dated July 7, 1999). Among the more significant issues, we noted that\nadequate controls often were not in place to monitor contractor activities, information\noften had not been provided to Integrated Business Systems Solutions Center\npersonnel to help in controlling Y2K resources, and work products provided by\ncontractor personnel were not timely or adequate.\n\nThe OIG and General Accounting Office established a joint partnership in the fall of\n1998, to work on Y2K issues which led to February 1999 testimony before several\nHouse subcommittees. The Inspector General testimony on the Postal Service Y2K\nInitiative, (Report No. IS-TR-99-001 dated February 23, 1999), addressed major\nchallenges facing the Postal Service. These included: developing and implementing a\nbusiness contingency and continuity plan; determining whether external suppliers and\nPostal facilities are Y2K ready; deploying solutions and testing mail processing\nequipment; and reviewing, correcting, and testing information systems, data exchanges,\nand information technology infrastructure. The GAO delivered testimony entitled\n\xe2\x80\x9cYear 2000 Computing Crisis: Challenges Still Facing the U.S. Postal Service (GAO/T-\nAMID-99-86, dated February 23, 1999) which addressed Y2K operational issues similar\nto those presented in the IG testimony.\n\n\n                                                   19\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\nIn February 1999, we issued a Y2K report entitled Year 2000 Initiative: Program\nManagement Reporting (Report No. IS-AR-99-001, dated February 18, 1999) that\naddressed quality and reliability of Y2K information reported to senior managers. We\nfound that Y2K briefings and reports to senior management were not often complete,\nconsistent, or clear. Y2K briefings did not include a standard report on the overall status\nof Y2K progress and were not provided at regularly scheduled intervals. As a result,\nsenior managers were not always able to use the information to monitor Y2K progress\nand make informed decisions.\n\nIn September 1998, we issued a Y2K report entitled Year 2000 Initiative: Post\nImplementation Verification, (Report No. IS-AR-98-003, dated September 29, 1998),\nthat involved an assessment of the efficiency and effectiveness of the process\nimplemented as an independent check on Postal Service remediation efforts. This\nreport recommended that the Postal Service modify its system certification and post\nimplementation verification procedures to improve the quality of systems sent to\nverification as well as the process itself. Postal Service management fully concurred\nwith our findings and recommendations.\n\nIn July 1998, we issued a Y2K report, entitled Year 2000 Initiative: Status of the\nRenovation, Validation, and Implementation Phases, (Report No. IS-AR-98-002, dated\nJuly 21, 1998), that involved a preliminary assessment of the renovation, validation, and\nimplementation phases of the Postal Service Y2K initiative. It contained\nrecommendations for improvement in several areas including accurately reporting the\ncompliance status of systems applications. Postal Service management fully concurred\nwith our findings and recommendations.\n\nIn July 1998, we issued a letter report, entitled Year 2000 Contract Indemnification\nAdvisory Letter (Report No. CA-LA-98-001, dated July 7, 1998), that addressed\nnegotiations between the Postal Service and a consulting firm regarding the Y2K\nprogram management contract's indemnification clause. That letter contained\nsuggestions to Postal Service management regarding the indemnification issue.\n\nOur first Y2K report entitled Year 2000 Initiative, (Report No. IS-AR-98-001 dated March\n31, 1998). During this review, we examined the awareness and assessment phases of\nthe Postal Service Y2K initiative and made recommendations for improvement in\nseveral areas including assigning accountability to responsible managers. Postal\nService management fully concurred with our findings and recommendations.\n\n\n\n\n                                                   20\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n                                  APPENDIX C\n                    STATISTICAL SAMPLING AND PROJECTIONS\n                     FOR REVIEW OF Y2K CONTINUITY PLANS\n\n       Purpose of the Sampling\n\n       One of the objectives of this review was to assess the degree to which the Y2K\n       business continuity plans submitted were tailored for local conditions. In support\n       of this objective, the audit team employed a simple random attribute sample\n       design that allows statistical projection of the plans received from individual\n       facilities.\n\n\n       Definition of the Audit Universe\n\n       The audit universe consisted of 508 submitted plans. No projection is made to\n       facilities that should have submitted plans but did not do so.\n\n\n       Sample Design\n\n       The audit used a simple random sample design. We randomly selected 115\n       plans for review, to provide a one-sided 95 percent confidence interval with 6.5 to\n       7 percent precision for the assumed condition of 50 percent of tailored plans in\n       the sample.\n\n       Statistical Projections of the Sample Data\n\n       The tested attribute, e.g., whether business continuity plans were substantially\n       tailored as compared to the template plan provided by Postal management, is\n       projected to the universe of 508 plans.\n\n       Based on projection of the sample results, we are 95 percent confident that at\n       least 90.7 percent or 461 plans, were not substantially tailored. The unbiased\n       point estimate is 93.9 percent, or 477 plans.\n\n\n\n\n                                                   21\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                          TR-AR-00-001\n Plan Development and Testing\n\n\n                                      APPENDIX D\n                            Contingency and Continuity Plans\n                           With Inadequate Testing Justification\n    Business Area                               Plan ID--Title/Scenario                  Criticality/Impact\n                                                                                            Probability\n                                                                                               Rating\n Business Continuity           Mail Transport Equipment (MTE) Availability                     High\n\n Business Continuity           Surface Transportation (Long Haul Trucking) Section 2           High\n\n Business Continuity           US Customs Service                                              High\n\n Business Continuity           Telecommunications \xe2\x80\x93 Section 3 Processing                       High\n\n Business Continuity           Indianapolis                                                    High\n\n Business Continuity           Local Transportation and Traffic Infrastructure                 High\n\n Business Continuity           Surface Transportation (Long Haul Trucking), Section 1          High\n\n Business Continuity           Employees Reporting to Work Section 1: All Processes            High\n                               and Sub-Processes\n Business Continuity           Emery (PMPC) Operations Section 2: Counts, Assigns              High\n                               Route Tag (CART) Assignment System\n Business Continuity           Domestic Air Transportation                                     High\n\n Business Continuity           Potential Facility Closures                                     High\n\n Business Continuity           Postal Service Products and Supplies                            High\n\n Business Continuity           Disruptions to Customer System Create Abnormal                  High\n                               Mailing Behavior\n Business Continuity           Anticipated Disruptions Cause Changes in Mailing                High\n                               Behavior\n       Enabling                Human Resources \xe2\x80\x93 Workers Compensation Information             Critical\n                               System (WCIS)\n       Enabling                Tracking and Reduction-In-Force (TARIF)                        Critical\n\n       Enabling                Human Resources - Safety and Health (S&H)                      Critical\n\n       Enabling                Drivers Screening System                                       Critical\n\n       Enabling                Strategic National Automated Purchasing System                 Severe\n\n       Enabling                Human Resources - Risk Management Reporting                    Severe\n                               System\n       Enabling                National Crime Information Center/National Law                 Severe\n                               Enforcement Telecommunication System\n\n\n\n                                                    22\n                    This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                           Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                           TR-AR-00-001\n Plan Development and Testing\n\n\n    Business Area                                Plan ID--Title/Scenario                  Criticality/Impact\n                                                                                             Probability\n                                                                                                Rating\n       Enabling                 Human Resources \xe2\x80\x93 National Accident Reporting                  Severe\n                                System\n       Enabling                 Financial Exception Reporting System                           Critical\n\n       Finance                  Stamps Application Failure: Stamps Distribution Offices        Severe\n                                cannot log into the systems\n       Finance                  Statement of Account Data Entry failure                        Severe\n\n       Finance                  Emergency Pay Adjustment System Failure - Payroll              Critical\n                                Scenario #20.\n   Mail Operations              National Change of Address (NCOA)                              Critical\n\n   Mail Operations              Fast Forward                                                   Critical\n\n   Mail Operations              Management Operating Data System (MODS)                        Severe\n\n   Mail Operations              Corporate Information System Management Operating              Severe\n                                Data System (CIS MODS)\n   Mail Operations              Computerized Labeling and Address Sequence System              Critical\n                                (CLASSI)\n   Mail Operations              Drop Shipment Appointment System (DSAS)                        Severe\n\n   Mail Operations              Rail Management Information Systems (RMIS)                     Severe\n\n   Mail Operations              Address Matching System (AMS-API)                              Severe\n\n   Mail Operations              Address Change Service (ACS) NCSC                              Critical\n\n   Mail Operations              Management Operation Data System (PC-MODS)                     Critical\n\n      Marketing                 Meter Accounting and Tracking System (MATS)                    Critical\n\n      Marketing                 CISS IPSS Production Tracking System (IPTS)                    Critical\n\n      Marketing                 Consumer Affairs Messaging System (CAMS)                       Critical\n\n      Marketing                 Centralized Meter Licensing System (CMLS)                      Critical\n\n   Processing and               Identification Code Sorting, PICS/SICS                         Critical\n     Distribution\n   Processing and               Vending Activity Reporting System (VARS)                       Critical\n     Distribution\n   Processing and               Delivery Barcode Sorter Input/Output Sub-System                Critical\n     Distribution\n   Processing and               Computerized Forwarding System II                              Critical\n     Distribution\n\n\n\n\n                                                     23\n                     This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                            Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n                 APPENDIX E. MANAGEMENT\xe2\x80\x99S COMMENTS\n\n\n\n\n\n                                                   24\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n\n\n                                                   25\n\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n\n\n                                                   26\n\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n\n\n                                                   27\n\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n\n\n                                                   28\n\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0cY2K Business Contingency and Continuity Planning:                                       TR-AR-00-001\n Plan Development and Testing\n\n\n\n Major Contributors to\n This Report\n\n\n\n\n                                                   29\n                   This is a Year 2000 Readiness Disclosure as defined in PL-105-271,\n                          Year 2000 Information and Readiness Disclosure Act.\n\x0c"